VulnHub

Real-time Cybersecurity News

New APT37 social engineering campaign targets Facebook users

SCM feed for Latest
Actively Exploited
MalwareTrojanMeta

Overview

APT37, a North Korean state-sponsored hacking group, has launched a new social engineering campaign aimed at Facebook users. This operation utilizes the RokRAT trojan, which allows attackers to gain access to victims' devices and sensitive information. The campaign is multi-faceted, indicating a sophisticated approach to trick users into downloading the malware. This is particularly concerning as it targets a widely-used platform, potentially affecting millions of users. As cyber threats continue to evolve, individuals and organizations must remain vigilant about the security of their online activities and the links they interact with.

Key Takeaways

  • Active Exploitation: This vulnerability is being actively exploited by attackers. Immediate action is recommended.
  • Affected Systems: Facebook users, RokRAT trojan
  • Action Required: Users should be cautious of unsolicited messages and links, enable two-factor authentication on their accounts, and regularly update their security software.
  • Timeline: Newly disclosed

Original Article Summary

North Korean state-backed threat operation APT37, also known as ScarCruft, has targeted Facebook users with the RokRAT trojan as part of a new multi-stage social engineering campaign, The Hacker News reports.

Impact

Facebook users, RokRAT trojan

Exploitation Status

This vulnerability is confirmed to be actively exploited by attackers in real-world attacks. Organizations should prioritize patching or implementing workarounds immediately.

Timeline

Newly disclosed

Remediation

Users should be cautious of unsolicited messages and links, enable two-factor authentication on their accounts, and regularly update their security software.

Additional Information

This threat intelligence is aggregated from trusted cybersecurity sources. For the most up-to-date information, technical details, and official vendor guidance, please refer to the original article linked below.

Related Topics: This incident relates to Malware, Trojan, Meta.

Read Original Article

Related Coverage

The exploit gap is closing, and your patch cycle wasn’t built for this

Help Net Security

The Cloud Security Alliance has issued a warning about a significant change in how quickly vulnerabilities can be exploited. Researchers are particularly concerned about Anthropic’s Claude Mythos, an AI system capable of autonomously identifying thousands of zero-day vulnerabilities in popular operating systems and web browsers. It doesn't just find these flaws; it also creates working exploits without any human intervention. This rapid pace of exploit development poses a challenge for organizations that rely on traditional patch cycles, as the time to fix vulnerabilities is shrinking. Companies will need to adapt their security strategies to keep up with this evolving threat landscape.

Apr 15, 2026

US Tech Force leveraged by OPM for cybersecurity hiring

SCM feed for Latest

The Office of Personnel Management (OPM) in the United States is actively recruiting cybersecurity specialists to bolster security across various federal agencies. This initiative is part of the US Tech Force program, which aims to enhance the government’s cybersecurity capabilities amid increasing threats. The hiring effort underscores the ongoing need for skilled professionals in the face of persistent cyber challenges that affect national security and the protection of sensitive data. By expanding its workforce in this critical area, OPM is taking steps to better defend against potential cyberattacks that could target federal infrastructure. This move is particularly relevant as agencies seek to improve their defenses and respond more effectively to evolving cybersecurity threats.

Apr 14, 2026

Mercor subjected to several breach-related lawsuits

SCM feed for Latest

Mercor, an AI staffing company, is currently dealing with multiple class-action lawsuits stemming from a security breach linked to the LiteLLM open-source AI platform. The breach reportedly compromised Mercor’s systems, leading to allegations of damages against the company. At least four lawsuits have been filed, highlighting the potential legal and financial repercussions for Mercor as it navigates the fallout from this incident. This situation raises concerns not only about the security of AI platforms but also about how companies manage and protect sensitive information in the face of vulnerabilities. The outcome of these lawsuits could set important precedents for accountability in the tech industry.

Apr 14, 2026

Crypto-exchange Kraken extorted by hackers after insider breach

BleepingComputer

Kraken, a major cryptocurrency exchange, is facing extortion threats from a cybercrime group that claims to have gained access to sensitive internal systems. The attackers are demanding ransom, threatening to release videos that allegedly demonstrate how they accessed client data. This incident raises serious concerns about the security of client information and the overall integrity of the exchange. Kraken has not disclosed the extent of the breach or how the hackers gained access, but the situation puts pressure on the company to bolster its security measures and protect its users. The threat of exposing internal operations is particularly alarming for any organization, especially in the cryptocurrency sector where trust is paramount.

Apr 14, 2026

Space Force official touts AI’s impact on cyber compliance

CyberScoop

A Space Force official has stated that artificial intelligence is changing the way the military branch approaches cyber compliance. The acting Chief Information Security Officer (CISO) noted that AI is moving the compliance process away from merely checking boxes to a more dynamic and meaningful assessment. This shift aims to improve how the Space Force measures cybersecurity standards and tracks adherence to them. By incorporating AI, the service hopes to enhance its ability to respond to cyber threats and manage compliance more effectively. This development is significant as it reflects a broader trend in military and government sectors to utilize advanced technologies for better security practices.

Apr 14, 2026

wolfSSL Vulnerability Hits IoT, Routers and Military Systems, Update to 5.9.1 Now

Hackread – Cybersecurity News, Data Breaches, AI and More

A serious vulnerability identified as CVE-2026-5194 has been found in wolfSSL, affecting a vast array of devices, including Internet of Things (IoT) devices, routers, and military systems. This flaw allows attackers to forge digital identities, which poses a significant risk to the security of billions of devices globally. Users and organizations utilizing wolfSSL should promptly update to version 5.9.1 to mitigate this risk. The widespread impact of this vulnerability emphasizes the importance of regular software updates to maintain security across various platforms. Failure to address this issue could lead to unauthorized access and potential exploitation of sensitive systems.

Apr 14, 2026